summaryrefslogtreecommitdiff
path: root/arch/mips/kernel/traps.c
diff options
context:
space:
mode:
authorWANG Xuerui <git@xen0n.name>2020-07-29 16:14:17 +0300
committerThomas Bogendoerfer <tsbogend@alpha.franken.de>2020-07-31 18:52:47 +0300
commitbc6e8dc112133a60efbede8acde36dd5d1e748a1 (patch)
tree47580d288a57791e804a18932ab5ab6589c4a535 /arch/mips/kernel/traps.c
parent2480c914699ecdf8b560f7af23b1a9c521084e04 (diff)
downloadlinux-bc6e8dc112133a60efbede8acde36dd5d1e748a1.tar.xz
MIPS: handle Loongson-specific GSExc exception
Newer Loongson cores (Loongson-3A R2 and newer) use the implementation-dependent ExcCode 16 to signal Loongson-specific exceptions. The extended cause is put in the non-standard CP0.Diag1 register which is CP0 Register 22 Select 1, called GSCause in Loongson manuals. Inside is an exception code bitfield called GSExcCode, only codes 0 to 6 inclusive are documented (so far, in the Loongson 3A3000 User Manual, Volume 2). During experiments, it was found that some undocumented unprivileged instructions can trigger the also-undocumented GSExcCode 8 on Loongson 3A4000. Processor state is not corrupted, but we cannot continue without further knowledge, and Loongson is not providing that information as of this writing. So we send SIGILL on seeing this exception code to thwart easy local DoS attacks. Other exception codes are made fatal, partly because of insufficient knowledge, also partly because they are not as easily reproduced. None of them are encountered in the wild with upstream kernels and userspace so far. Some older cores (Loongson-3A1000 and Loongson-3B1500) have ExcCode 16 too, but the semantic is equivalent to GSExcCode 0. Because the respective manuals did not mention the CP0.Diag1 register or its read behavior, these cores are not covered in this patch, as MFC0 from non-existent CP0 registers is UNDEFINED according to the MIPS architecture spec. Reviewed-by: Huacai Chen <chenhc@lemote.com> Signed-off-by: WANG Xuerui <git@xen0n.name> Cc: Huacai Chen <chenhc@lemote.com> Cc: Jiaxun Yang <jiaxun.yang@flygoat.com> Cc: Tiezhu Yang <yangtiezhu@loongson.cn> Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Diffstat (limited to 'arch/mips/kernel/traps.c')
-rw-r--r--arch/mips/kernel/traps.c35
1 files changed, 35 insertions, 0 deletions
diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c
index 9c37a6997259..b95ef98fc847 100644
--- a/arch/mips/kernel/traps.c
+++ b/arch/mips/kernel/traps.c
@@ -90,6 +90,7 @@ extern asmlinkage void handle_tr(void);
extern asmlinkage void handle_msa_fpe(void);
extern asmlinkage void handle_fpe(void);
extern asmlinkage void handle_ftlb(void);
+extern asmlinkage void handle_gsexc(void);
extern asmlinkage void handle_msa(void);
extern asmlinkage void handle_mdmx(void);
extern asmlinkage void handle_watch(void);
@@ -1900,6 +1901,37 @@ asmlinkage void do_ftlb(void)
cache_parity_error();
}
+asmlinkage void do_gsexc(struct pt_regs *regs, u32 diag1)
+{
+ u32 exccode = (diag1 & LOONGSON_DIAG1_EXCCODE) >>
+ LOONGSON_DIAG1_EXCCODE_SHIFT;
+ enum ctx_state prev_state;
+
+ prev_state = exception_enter();
+
+ switch (exccode) {
+ case 0x08:
+ /* Undocumented exception, will trigger on certain
+ * also-undocumented instructions accessible from userspace.
+ * Processor state is not otherwise corrupted, but currently
+ * we don't know how to proceed. Maybe there is some
+ * undocumented control flag to enable the instructions?
+ */
+ force_sig(SIGILL);
+ break;
+
+ default:
+ /* None of the other exceptions, documented or not, have
+ * further details given; none are encountered in the wild
+ * either. Panic in case some of them turn out to be fatal.
+ */
+ show_regs(regs);
+ panic("Unhandled Loongson exception - GSCause = %08x", diag1);
+ }
+
+ exception_exit(prev_state);
+}
+
/*
* SDBBP EJTAG debug exception handler.
* We skip the instruction and return to the next instruction.
@@ -2457,6 +2489,9 @@ void __init trap_init(void)
if (cpu_has_ftlbparex)
set_except_vector(MIPS_EXCCODE_TLBPAR, handle_ftlb);
+ if (cpu_has_gsexcex)
+ set_except_vector(LOONGSON_EXCCODE_GSEXC, handle_gsexc);
+
if (cpu_has_rixiex) {
set_except_vector(EXCCODE_TLBRI, tlb_do_page_fault_0);
set_except_vector(EXCCODE_TLBXI, tlb_do_page_fault_0);